67 lines
1.8 KiB
PHP
67 lines
1.8 KiB
PHP
<?php
|
|
|
|
namespace Tests\Feature\Web;
|
|
|
|
use App\Enums\UserRole;
|
|
use App\Models\Customer;
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Tests\TestCase;
|
|
|
|
class VmAuthorizationTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
public function test_customer_only_sees_own_vms(): void
|
|
{
|
|
$customerUser = User::factory()->create(['role' => UserRole::Customer]);
|
|
$otherUser = User::factory()->create(['role' => UserRole::Customer]);
|
|
|
|
$ownVm = Customer::query()->create([
|
|
'user_id' => $customerUser->id,
|
|
'name' => 'own-vm',
|
|
'domain' => 'own.hexahost.de',
|
|
'status' => 'active',
|
|
]);
|
|
|
|
Customer::query()->create([
|
|
'user_id' => $otherUser->id,
|
|
'name' => 'other-vm',
|
|
'domain' => 'other.hexahost.de',
|
|
'status' => 'active',
|
|
]);
|
|
|
|
$this->actingAs($customerUser)
|
|
->get(route('vms.index'))
|
|
->assertOk()
|
|
->assertSee('own-vm')
|
|
->assertDontSee('other-vm');
|
|
|
|
$this->actingAs($customerUser)
|
|
->get(route('vms.show', $ownVm))
|
|
->assertOk();
|
|
|
|
$otherVm = Customer::query()->where('name', 'other-vm')->first();
|
|
$this->actingAs($customerUser)
|
|
->get(route('vms.show', $otherVm))
|
|
->assertForbidden();
|
|
}
|
|
|
|
public function test_admin_sees_all_vms(): void
|
|
{
|
|
$admin = User::factory()->create(['role' => UserRole::Admin]);
|
|
|
|
Customer::query()->create([
|
|
'user_id' => User::factory()->create()->id,
|
|
'name' => 'vm-a',
|
|
'domain' => 'a.hexahost.de',
|
|
'status' => 'active',
|
|
]);
|
|
|
|
$this->actingAs($admin)
|
|
->get(route('vms.index'))
|
|
->assertOk()
|
|
->assertSee('vm-a');
|
|
}
|
|
}
|